Search Search
Ask for Support Ask for Support Support
Status Status Status
Domain IT Grundschutz
» .SOLUTIONS » Domains » BSI IT Grundschutz
Information security in companies and administrations

IT-Grundschutz with verinice

With verinice, you can implement the IT-Grundschutz by German BSI (Federal Office for Information Security) with the IT-Grundschutz Compendium and the BSI standards 200-1, 200-2 and 200-3. The verinice IT-Grundschutz domain is suitable for creating and maintaining an information security management system (ISMS) according to the BSI IT-Grundschutz methodology. You can start working on your security concept immediately. 

Among other things, you benefit from these advantages: 

  • licensed standard works of the BSI (IT-Grundschutz Compendium) with all IT-Grundschutz modules
  • BSI standards 200-x integrated
  • (free) additional modules, e.g. BSI minimum standards, IT-Grundschutz profiles and user-defined modules
  • high flexibility and customizability
  • open source code without backdoors
  • Partner network for support and consulting

ISO 27001 certification based on IT-Grundschutz (standard or core protection) or a BSI certificate (basic protection) is possible with the help of verinice.

The IT-Grundschutz domain is currently available for both the verinice standalone version and the application server verinice.PRO and (from November 2024) in the new generation verinice.veo as SaaS

Domain IT-Grundschutz in verinice
verinice for Information Security Management System

IT-Grundschutz in verinice

verinice supports the IT-Grundschutz of the BSI and the relevant Grundschutz Compendium. Choose the approach of basic, standard or core protection. Use the risk analysis and the IT-Grundschutz checks to maintain and continuously improve your information security.

The BSI standards are essential building blocks of the IT-Grundschutz methodology and the basis of verinice:

  • BSI standard 200-1: Defines general requirements for an information security management system (ISMS).
  • BSI Standard 200-2: This standard covers the IT-Grundschutz methodology and is the basis for setting up an ISMS. verinice supports you in the structural analysis, defining and assigning protection requirements, and handles automatic inheritance of protection requirements.
  • BSI-Standard 200-3: Covers risk management and contains all risk-related steps in the implementation of IT-Grundschutz. Use verinice to perform basic security checks, additional security or risk analyses, and create an implementation and audit plan.
  • BSI-Standard 200-4: Practical instructions for setting up a Business Continuity Management System (BCMS) in your own institution - see the verinice BCM domain.

The “IT-Grundschutz” domain contains all the object types and input masks needed to record target objects, module implementation, requirements, measures, hazards and risks.

Currently, you still have the option of using IT-Grundschutz in the classic verinice (working in the IT-Grundschutz protection perspective) or to decide in favor of the new implementation as SaaS (bundle verinice Grundschutz).

Grundschutz with verinice.veo

Starting in November, the IT-Grundschutz domain will be available in the new verinice.veo, initially as a SaaS offering verinice.cloud – and later also on-premises.

This modernized verinice generation is constantly evolving. We provide you with a transparent overview of which functions have already been implemented and which will be added shortly. Decide for yourself when the time is right for you to make the change.

The domain of IT-Grundschutz in verinice.veo already offers:

  • Structure analysis
  • Assessment of protection needs
  • Building block modeling
  • IT-Grundschutz check
  • Maintenance and continuous improvement
  • Reporting: Creation of the reference documents required for certification
  • Officially licensed IT-Grundschutz compendium of the BSI
    • Building blocks
    • Requirements
    • Hazards
  • Profiles
     
    • “Standard and core protection” profile
  • Automatic creation of the threat overview through integrated mapping of the cross-reference tables
  • Automatic inheritance of the protection requirement
  • Documentation of the implementation of requirements and security measures
  • Assignment of responsible persons for modules, target objects, requirements, etc.
  • Use of all recorded objects in all domains – objects recorded in the basic protection can be used in data protection
     
  • Cloud native: Can be used as a SaaS solution or private cloud
  • Version history: Revision-secure storage of all entries in the object history with the option of recovery
     
  • Multi-Scope: an object can be used in any number of information networks
  • Multi-Part: objects can be nested in any way, e.g. “location-building-room” or “department-team-employee”. Complex structures can be easily mapped.
  • Links: objects can be linked, for example, to designate the person responsible for a module or to automatically pass on the protection requirement between dependent systems.

IT-Grundschutz users can expect the following features in the next releases of verinice.veo:

  • Self-Customizing: customizable levels for protection needs and risk assessment
  • Adding further categories to assess information security, such as “authenticity”
  • Tools for data transfer from verinice(.PRO)
    • Transfer of target objects
    • Transfer of modeled building blocks
    • Transfer of documented requirement implementations
    • Transfer of user authorizations
       
    • Transfer of notes and attachments
  • Fine-grained rights and role management
  • Background processing: Moving long-running requests into the background and notification on completion (import, export, report generation) for more stability even with an interrupted network connection
  • Reduction of documentation effort for implementing requirements through “organization-wide implementation” and “implementation of the implementation”

Our roadmap provides a complete overview of planned features.

With the release of verinice.veo, the verinice team offers options for migrating to the new verinice generation. Have you been working with IT-Grundschutz or the IT-Grundschutz perspective so far? Opt for the bundle verinice Grundschutz and continue your ISMS in this domain.

The new verinice as SaaS verinice.Cloud is ready for use and the range of functions is gradually being expanded. We transparently present the progress here and you decide when the time is right for you to switch. SerNet will continue to support the classic verinice until 2027.

The additional content such as IT-Grundschutz profiles, minimum standards, etc. will soon be available for verinice.veo.

Consulting and Support

SerNet GmbH is the publisher of verinice and is responsible for the technical and functional development of the tool. SerNet also offers technical support and assists the verinice partners: the network of qualified consultants helps with the first use of verinice as well as with the implementation of complex management systems, certifications and audits.

Icon Support verinice

SerNet-Support

Are you already a customer? This way! 
As a new customer, the quickest way to get access to our services is a support budget from the verinice shop. Alternatively, you can contact us directly and conclude a support contract.

Support for verinice
verinice Partner Network

Partner network

Our verinice partners are available to answer any questions you may have and help you with projects related to verinice. In all regions of Germany – and beyond – you will find partners who can support you in a range of specialist areas.

Partner Network
Contact us
Contact